Pesky Netsky virus alert

Security experts are warning net users to watch out for a new worm that attempts to deactivate the recent Mydoom viruses.

Netsky.B spreads via both email - forwarding itself to addresses found by scanning the hard drive of infected computers - and Windows network shares.

It inserts several entries in the Windows Registry and attempts to remove registry entries related to recent viruses, including MyDoom.A and MyDoom.B.

According to anti-virus companies, an email infected with Netsky.B arrives with a subject, message body and an attached file selected at random from a list of options. It also spoofs the address of the sender in order to trick the user into running the attached file, which contains the worm.

Netsky.B also searches drives C and Z for folder names containing the words ‘share’ or ‘sharing’ and then copies itself to those folders. By doing this the worm can also spread through P2P applications such as Kazaa and eMule.

Kevin Hogan, senior manager at Symantec Security Response, said: “The best thing to do is not to panic and to make sure your anti-virus software is updated. This threat is very similar to the mass mailers we have seen previously, and reinforces the importance of thinking before you click to launch an attachment."